Aug 01
My friend John Welch has pointed out a colossally stupid security problem with the Finder and the postflight script used by the Flip4Mac installer (which could potentially belong to any other installer as well). The worst part is, neither Apple nor Flip4Mac seems very interested in this problem or its correction.
Check out John’s blog for the details.
My .Mac Web Gallery
Loading ...
August 2nd, 2006 at 11:17 am
Telestream IS smart. Flip4Mac is great. You can depend on them to solve any issues that need to be addressed. Also, expect cool new products from them now that they have acquired Popwire
August 2nd, 2006 at 11:26 am
No doubt that Flip4Mac’s plugin is great, and stupid people couldn’t create something like that. But if John is telling the story accurately, and I believe he is, their response to what is very obviously a serious security problem was lukewarm at best. The only solution to the problem at this point is not to pop up the Finder window with the Flip4Mac application after install, which is easy to fix as it requires a couple of lies removed from the postflight script. Flip4Mac’s intentions and abilities aren’t being questioned here, rather, John is questioning their method of responding to the problem and the customer. It doesn’t inspire a great deal of confidence to say “Oh, we’ll look into that,” when the problem is so serious. And it doesn’t do Apple any credit to say, the developer shouldn’t do that, when it’s the design of Apple’s operating system that leaves the door wide open for issues like this.